Which permission is common to the Active Directory Join and Leave operations?
A. Create a Cisco ISE machine account in the domain if the machine account does not already exist
B. Remove the Cisco ISE machine account from the domain.
C. Set attributes on the Cisco ISE machine account
D. Search Active Directory to see if a Cisco ISE machine account already exists.
Which valid external identity source can be used with Cisco ISE?
A. IPsec VPN authentication
B. smart card
C. local user name and password
D. TACACS+ token
When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provides an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?
A. The Cisco switches only support MAB.
B. MAB provides the strongest form of authentication available.
C. The devices in the network do not have a supplicant.
D. MAB provides user authentication.
A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:
1. An initial MAB request is sent to the Cisco ISE node.
2. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.
3. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.
Which authentication must the administrator configure on Cisco ISE?
A. wired NAD with local WebAuth
B. WLC with local WebAuth
C. NAD with central WebAuth
D. device registration WebAuth
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?
A. Network Access NetworkDeviceName CONTAINS
B. DEVICE Device Type CONTAINS
C. Radius Called-Station-ID CONTAINS
D. Airespace Airespace-Wlan-Id CONTAINS
An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times. What is the requirement to enable this feature?
A. one primary admin and one secondary admin node in the deployment
B. one policy services node and one secondary admin node
C. one policy services node and one monitoring and troubleshooting node
D. one primary admin node and one monitoring and troubleshooting node
An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one PSN, but the information is not available on the others.
What must be done to make the information available?
A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.
B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.
C. Scanning must be initiated from the MnT node to centrally gather the information.
D. Scanning must be initiated from the PSN that last authenticated the endpoint.
The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must the security engineer take within Cisco ISE to effectively restrict network access for this endpoint?
A. Configure access control list on network switches to block traffic.
B. Create authentication policy to force reauthentication.
C. Add MAC address to the endpoint quarantine list.
D. Implement authentication policy to deny access.
Refer to the exhibit.
Which checkbox must be enabled to allow Cisco ISE to publish group membership information for active users that can be shared with Cisco Firepower devices?
A. Enable Passive Identity Service
B. Enable SXP Service
C. Enable Device Admin Service
D. pxGrid
A client with MAC address 04:77:10:14:67:AB connects to the network. The client does not support 802.1X. Which setting must be enabled in the Allowed Authentication Protocols list in your Authentication Policy for Cisco ISE Server to support MAB authentication for this MAC address?
A. Process Host Lookup
B. EAP-FAST
C. EAP-TTLS
D. MS-CHAPv2